Practice Test Questions

Preparing for your next security certification exam? After trying your hand at this practice test question, join the FREE CertMike Study Group for the CISSP, Security+, CySA+, PenTest+, CISM or SSCP certification to receive new questions each week. You'll also receive free access to my customized study strategies.

Alan is conducting a penetration test and gains access to an application server. During his attack, he creates a new administrative account on the server that he can use to access the system through its standard user interface. What testing goal is Alan hoping to achieve with this action?

A. Pivoting
B. Cleanup
C. Lateral Movement
D. Persistence

Correct Answer: D

Alan is giving himself a way back into the system at a later date that does not depend on the vulnerability he originally exploited. This is an example of persistence: his access remains intact even if that vulnerability is later patched. Pivoting and lateral movement are techniques where the attacker gains access to one system and then uses that access to reach other systems; that is not what is happening here. Finally, cleanup occurs when the attacker removes traces of their presence from the network. That hasn't yet happened in this scenario.

Interested in more practice test questions? Get a copy of my official CertMike Practice Test books for the Security+ exam, CISSP exam, SSCP exam, or CySA+ exam and practice with hundreds of questions designed just like the real test!
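The flip side of this question is how a defender spots the account Alan just created. The following Python correlation is an added example and is not part of the original practice question or any CertMike material. It models Windows Security events as constructed dictionaries: event 4720 (a user account was created) followed by event 4732 (a member was added to a security-enabled local group) where the group is BUILTIN\Administrators, whose well-known SID is S-1-5-32-544. The field names, host names, account names and timestamps are assumptions made up for illustration; in a real 4732 event the member is recorded as a SID that would first have to be resolved to an account name.

```python
from datetime import datetime, timedelta

# Well-known SID for the local BUILTIN\Administrators group.
LOCAL_ADMIN_SID = "S-1-5-32-544"

# Constructed sample events (assumption: fields already parsed from the
# Windows Security log and the 4732 member SID resolved to a name).
# They are not real log data.
SAMPLE_EVENTS = [
    # An operator creates "support_tmp" and makes it a local admin seconds later.
    {"time": "2024-03-01T02:14:05", "event_id": 4720, "host": "APP01",
     "subject": "svc_deploy", "target": "support_tmp"},
    {"time": "2024-03-01T02:14:09", "event_id": 4732, "host": "APP01",
     "subject": "svc_deploy", "member": "support_tmp", "group_sid": LOCAL_ADMIN_SID},
    # Routine onboarding: new user added only to the Users group (S-1-5-32-545).
    {"time": "2024-03-01T09:30:00", "event_id": 4720, "host": "APP01",
     "subject": "helpdesk", "target": "jdoe"},
    {"time": "2024-03-01T09:31:00", "event_id": 4732, "host": "APP01",
     "subject": "helpdesk", "member": "jdoe", "group_sid": "S-1-5-32-545"},
    # An existing account is elevated; no matching 4720, so a different rule owns it.
    {"time": "2024-03-02T14:00:00", "event_id": 4732, "host": "APP01",
     "subject": "itadmin", "member": "oldadmin", "group_sid": LOCAL_ADMIN_SID},
]


def find_new_admin_accounts(events, window=timedelta(minutes=10)):
    """Flag accounts that were created (4720) and then added to the local
    Administrators group (4732) on the same host within `window`.

    Returns a list of finding dictionaries, one per flagged account.
    """
    created = {}   # (host, account) -> creation timestamp
    findings = []
    for ev in sorted(events, key=lambda e: e["time"]):
        ts = datetime.fromisoformat(ev["time"])
        if ev["event_id"] == 4720:
            created[(ev["host"], ev["target"])] = ts
        elif ev["event_id"] == 4732 and ev["group_sid"] == LOCAL_ADMIN_SID:
            key = (ev["host"], ev["member"])
            if key in created and ts - created[key] <= window:
                findings.append({
                    "host": ev["host"],
                    "account": ev["member"],
                    "created_by": ev["subject"],
                    "created_at": created[key].isoformat(),
                    "elevated_at": ts.isoformat(),
                })
    return findings


if __name__ == "__main__":
    for f in find_new_admin_accounts(SAMPLE_EVENTS):
        print(f"[persistence?] {f['host']}: {f['account']} created by "
              f"{f['created_by']} at {f['created_at']}, admin at {f['elevated_at']}")
```

The time window keeps the rule focused on the create-then-elevate pattern in the question; a 4720 with no matching 4732 is still worth reviewing on a server that should not be gaining interactive accounts at all, and an attacker who elevates the account hours later would only be caught by a longer window or by a separate rule on every addition to Administrators.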

Which ISO standard contains specific guidance on the privacy of personally identifiable information?

A. ISO 27001
B. ISO 27002
C. ISO 31000
D. ISO 27701

Correct Answer: D

ISO 27701 extends an ISO 27001 information security management system with the requirements and guidance for a privacy information management system, covering the processing of personally identifiable information. ISO 27001 and 27002 cover the requirements and best practices for implementing an information security management system itself, not privacy specifically. The ISO 31000 family of standards covers the design and implementation of a risk management program.

A contractor for the German company Siemens recently pled guilty to an attack where he altered software he sold to Siemens so that it would periodically break, requiring the company to hire him to fix it. What term best describes this type of attack?

A. Logic Bomb
B. RAT
C. Worm
D. Trojan Horse

Correct Answer: A

This is an example of a logic bomb, a piece of malicious code that is configured to trigger its payload when some future condition is met. In this case, the contractor programmed the software to wait until a set time and then stop working. A remote access trojan, or RAT, is malware that gives the attacker remote access to the infected system; nothing in the scenario describes that. The malicious code also did not disguise itself as a legitimate program to trick users into installing it, as a Trojan horse does, and it did not spread itself to other systems, as a worm does. It was planted directly in software Siemens already trusted and simply waited for its trigger.